About Kerberos Authentication and the SPNEGO
Protocol

Kerberos is an authentication protocol developed by the Massachusetts
Institute of Technology. The Key Distribution Center (KDC) is the
component of Kerberos that is responsible for issuing credentials.
A credential is a packet of information that includes a ticket-granting
ticket (TGT) and a matching session key. A ticket is an information
packet that is used to securely pass the identity of a user to a server
or service. After a ticket has been issued, it can be reused until
the ticket expires. The session key contains information that is specific
to the user and the service that is being accessed. The session key
is shared between the client and service to secure transactions between
them. The credential is encrypted with the requesting principal's
key. For more information about Kerberos authentication, see Kerberos V5 Administrator's Guide.

The SPNEGO protocol is described in the abstract IETF RFC
2478. The SPNEGO protocol is intended to be used in environments
where multiple GSS-API mechanisms are available to the client or server,
and neither side knows what mechanisms are supported by the other.